Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Question about CARP
« previous
next »
Print
Pages: [
1
]
Author
Topic: Question about CARP (Read 1681 times)
DividedByPi
Newbie
Posts: 3
Karma: 0
Question about CARP
«
on:
January 20, 2020, 03:40:37 pm »
Hi there. New to the forum, and I have some questions I was hoping I could get some help for. Thanks!
So I am working on a little PoC project and so I have been given a block of 5 IP addresses from my WAN. I am currently using OPNsense as my Router/Firewall. However, I have been thinking about setting up CARP for automatic failover just to eliminate a single point of failure.
However, looking at the document to set it up - it appears that it is set up as a redundant firewall, and not router as well. The document assumes there is another router in front of the redundant firewalls before it passes on to the internet.
So my question is, since I have a block of 5 Public IP addresses from my ISP, I am wondering if I will come across any issues by configuring VHID Group 1 (from the document) to be addresses I have been given from my ISP?
The IP's I have been given are all within the same subnet, of course.
Logged
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: Question about CARP
«
Reply #1 on:
January 20, 2020, 04:19:47 pm »
You will need 3 IPs for CARP, unit1, unit2, virtual IP. Then you are good to go
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
DividedByPi
Newbie
Posts: 3
Karma: 0
Re: Question about CARP
«
Reply #2 on:
January 20, 2020, 05:07:30 pm »
oh really, that is awesome! Thanks
Logged
newsense
Hero Member
Posts: 1038
Karma: 77
Re: Question about CARP
«
Reply #3 on:
January 20, 2020, 05:23:03 pm »
Probably two ISPs should be considered too, otherwise is a bit of a moot point...
Logged
DividedByPi
Newbie
Posts: 3
Karma: 0
Re: Question about CARP
«
Reply #4 on:
January 20, 2020, 06:18:34 pm »
Yeah that is very true if I wanted true HA WAN, but this is essentially just to have HA firewalls without the need to put an additional router in front of them. It will service my needs for now!
Another thing that is off-topic, and probably warrants another thread but - I was just doing some learning and trying new things, I set up a virtual IP (alias) on what is still currently my single OPNsense router and gave it one of the IPs from the block I was given... This however broke the VPN I have setup on the router immediately. I know theres probably a very obvious reason for this, but I think I am missing it.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Question about CARP